While data aggregators can offer investors the convenience of a single snapshot of multiple financial accounts, they can also present cybersecurity, unauthorized use and identity theft hazards, the Financial Industry Regulatory Authority warns in a just-released alert.
The alert notes that consumers must first agree to provide aggregators their login information across financial accounts at separate financial institutions to track information on IRAs, 401(k)s, brokerage accounts and savings accounts.
To create a single “dashboard,” the alert states, aggregators will ask the user to provide their separate sets of username/password credentials so that it can access each financial account.
“Your security credentials allow the aggregation service to grab or ‘scrape’ this data, often on a daily basis,” using an automated process involving a code or a “robot” that goes out to the third-party websites, registers using your security credentials, and collects applicable account information.
However, sharing security credentials for financial account information can expose the user to privacy and security risks.